cvelistv5 - cve-2018-3180

CVE-2018-3180 (GCVE-0-2018-3180)

Vulnerability from cvelistv5

Published

2018-10-17 01:00

Modified

2024-10-02 19:39

Severity ?

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.

Summary

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

References

URL

Tags

	https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:3007	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20181018-0001/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2942	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3779	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3534	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3350	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3003	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3804-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3002	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3671	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3852	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4326	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/3824-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2943	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3008	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:3533	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3409	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3001	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3000	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1041889	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:3672	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:3521	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/105617	vdb-entry, x_refsource_BID
	https://security.gentoo.org/glsa/201908-10	vendor-advisory, x_refsource_GENTOO
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java	Version: Java SE: 6u201, 7u191, 8u181 Version: Java SE Embedded: 8u181 Version: JRockit: R28.3.19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:43:34.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html"
          },
          {
            "name": "RHSA-2018:3007",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3007"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
          },
          {
            "name": "RHSA-2018:2942",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2942"
          },
          {
            "name": "RHSA-2018:3779",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3779"
          },
          {
            "name": "RHSA-2018:3534",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3534"
          },
          {
            "name": "RHSA-2018:3350",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3350"
          },
          {
            "name": "RHSA-2018:3003",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3003"
          },
          {
            "name": "USN-3804-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3804-1/"
          },
          {
            "name": "RHSA-2018:3002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3002"
          },
          {
            "name": "RHSA-2018:3671",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3671"
          },
          {
            "name": "RHSA-2018:3852",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3852"
          },
          {
            "name": "DSA-4326",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4326"
          },
          {
            "name": "USN-3824-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3824-1/"
          },
          {
            "name": "RHSA-2018:2943",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2943"
          },
          {
            "name": "RHSA-2018:3008",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3008"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "RHSA-2018:3533",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3533"
          },
          {
            "name": "RHSA-2018:3409",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3409"
          },
          {
            "name": "RHSA-2018:3001",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3001"
          },
          {
            "name": "RHSA-2018:3000",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3000"
          },
          {
            "name": "1041889",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041889"
          },
          {
            "name": "RHSA-2018:3672",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3672"
          },
          {
            "name": "RHSA-2018:3521",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3521"
          },
          {
            "name": "105617",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105617"
          },
          {
            "name": "GLSA-201908-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201908-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03952en_us"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-3180",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T18:07:28.112556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T19:39:19.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 6u201, 7u191, 8u181"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u181"
            },
            {
              "status": "affected",
              "version": "JRockit: R28.3.19"
            }
          ]
        }
      ],
      "datePublic": "2018-10-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-21T23:06:10.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html"
        },
        {
          "name": "RHSA-2018:3007",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3007"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
        },
        {
          "name": "RHSA-2018:2942",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2942"
        },
        {
          "name": "RHSA-2018:3779",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3779"
        },
        {
          "name": "RHSA-2018:3534",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3534"
        },
        {
          "name": "RHSA-2018:3350",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3350"
        },
        {
          "name": "RHSA-2018:3003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3003"
        },
        {
          "name": "USN-3804-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3804-1/"
        },
        {
          "name": "RHSA-2018:3002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3002"
        },
        {
          "name": "RHSA-2018:3671",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3671"
        },
        {
          "name": "RHSA-2018:3852",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3852"
        },
        {
          "name": "DSA-4326",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4326"
        },
        {
          "name": "USN-3824-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3824-1/"
        },
        {
          "name": "RHSA-2018:2943",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2943"
        },
        {
          "name": "RHSA-2018:3008",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3008"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "name": "RHSA-2018:3533",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3533"
        },
        {
          "name": "RHSA-2018:3409",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3409"
        },
        {
          "name": "RHSA-2018:3001",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3001"
        },
        {
          "name": "RHSA-2018:3000",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3000"
        },
        {
          "name": "1041889",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041889"
        },
        {
          "name": "RHSA-2018:3672",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3672"
        },
        {
          "name": "RHSA-2018:3521",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3521"
        },
        {
          "name": "105617",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105617"
        },
        {
          "name": "GLSA-201908-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201908-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03952en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2018-3180",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 6u201, 7u191, 8u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u181"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "JRockit: R28.3.19"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html"
            },
            {
              "name": "RHSA-2018:3007",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3007"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181018-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
            },
            {
              "name": "RHSA-2018:2942",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2942"
            },
            {
              "name": "RHSA-2018:3779",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3779"
            },
            {
              "name": "RHSA-2018:3534",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3534"
            },
            {
              "name": "RHSA-2018:3350",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3350"
            },
            {
              "name": "RHSA-2018:3003",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3003"
            },
            {
              "name": "USN-3804-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3804-1/"
            },
            {
              "name": "RHSA-2018:3002",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3002"
            },
            {
              "name": "RHSA-2018:3671",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3671"
            },
            {
              "name": "RHSA-2018:3852",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3852"
            },
            {
              "name": "DSA-4326",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4326"
            },
            {
              "name": "USN-3824-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3824-1/"
            },
            {
              "name": "RHSA-2018:2943",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2943"
            },
            {
              "name": "RHSA-2018:3008",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3008"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "RHSA-2018:3533",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3533"
            },
            {
              "name": "RHSA-2018:3409",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3409"
            },
            {
              "name": "RHSA-2018:3001",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3001"
            },
            {
              "name": "RHSA-2018:3000",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3000"
            },
            {
              "name": "1041889",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041889"
            },
            {
              "name": "RHSA-2018:3672",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3672"
            },
            {
              "name": "RHSA-2018:3521",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3521"
            },
            {
              "name": "105617",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105617"
            },
            {
              "name": "GLSA-201908-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201908-10"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03952en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03952en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2018-3180",
    "datePublished": "2018-10-17T01:00:00.000Z",
    "dateReserved": "2017-12-15T00:00:00.000Z",
    "dateUpdated": "2024-10-02T19:39:19.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html\", \"name\": \"[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3007\", \"name\": \"RHSA-2018:3007\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20181018-0001/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2942\", \"name\": \"RHSA-2018:2942\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3779\", \"name\": \"RHSA-2018:3779\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3534\", \"name\": \"RHSA-2018:3534\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3350\", \"name\": \"RHSA-2018:3350\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3003\", \"name\": \"RHSA-2018:3003\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3804-1/\", \"name\": \"USN-3804-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3002\", \"name\": \"RHSA-2018:3002\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3671\", \"name\": \"RHSA-2018:3671\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3852\", \"name\": \"RHSA-2018:3852\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4326\", \"name\": \"DSA-4326\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3824-1/\", \"name\": \"USN-3824-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2943\", \"name\": \"RHSA-2018:2943\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3008\", \"name\": \"RHSA-2018:3008\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3533\", \"name\": \"RHSA-2018:3533\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3409\", \"name\": \"RHSA-2018:3409\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3001\", \"name\": \"RHSA-2018:3001\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3000\", \"name\": \"RHSA-2018:3000\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1041889\", \"name\": \"1041889\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3672\", \"name\": \"RHSA-2018:3672\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3521\", \"name\": \"RHSA-2018:3521\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/105617\", \"name\": \"105617\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201908-10\", \"name\": \"GLSA-201908-10\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03952en_us\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T04:43:34.825Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-3180\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-02T18:07:28.112556Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-02T18:08:03.634Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Java\", \"versions\": [{\"status\": \"affected\", \"version\": \"Java SE: 6u201, 7u191, 8u181\"}, {\"status\": \"affected\", \"version\": \"Java SE Embedded: 8u181\"}, {\"status\": \"affected\", \"version\": \"JRockit: R28.3.19\"}]}], \"datePublic\": \"2018-10-16T00:00:00.000Z\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html\", \"name\": \"[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3007\", \"name\": \"RHSA-2018:3007\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20181018-0001/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2942\", \"name\": \"RHSA-2018:2942\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3779\", \"name\": \"RHSA-2018:3779\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3534\", \"name\": \"RHSA-2018:3534\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3350\", \"name\": \"RHSA-2018:3350\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3003\", \"name\": \"RHSA-2018:3003\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://usn.ubuntu.com/3804-1/\", \"name\": \"USN-3804-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3002\", \"name\": \"RHSA-2018:3002\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3671\", \"name\": \"RHSA-2018:3671\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3852\", \"name\": \"RHSA-2018:3852\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4326\", \"name\": \"DSA-4326\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://usn.ubuntu.com/3824-1/\", \"name\": \"USN-3824-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2943\", \"name\": \"RHSA-2018:2943\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3008\", \"name\": \"RHSA-2018:3008\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3533\", \"name\": \"RHSA-2018:3533\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3409\", \"name\": \"RHSA-2018:3409\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3001\", \"name\": \"RHSA-2018:3001\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3000\", \"name\": \"RHSA-2018:3000\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.securitytracker.com/id/1041889\", \"name\": \"1041889\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3672\", \"name\": \"RHSA-2018:3672\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3521\", \"name\": \"RHSA-2018:3521\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.securityfocus.com/bid/105617\", \"name\": \"105617\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://security.gentoo.org/glsa/201908-10\", \"name\": \"GLSA-201908-10\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03952en_us\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2019-08-21T23:06:10.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Java SE: 6u201, 7u191, 8u181\", \"version_affected\": \"=\"}, {\"version_value\": \"Java SE Embedded: 8u181\", \"version_affected\": \"=\"}, {\"version_value\": \"JRockit: R28.3.19\", \"version_affected\": \"=\"}]}, \"product_name\": \"Java\"}]}, \"vendor_name\": \"Oracle Corporation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html\", \"name\": \"[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3007\", \"name\": \"RHSA-2018:3007\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20181018-0001/\", \"name\": \"https://security.netapp.com/advisory/ntap-20181018-0001/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2942\", \"name\": \"RHSA-2018:2942\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3779\", \"name\": \"RHSA-2018:3779\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3534\", \"name\": \"RHSA-2018:3534\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3350\", \"name\": \"RHSA-2018:3350\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3003\", \"name\": \"RHSA-2018:3003\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://usn.ubuntu.com/3804-1/\", \"name\": \"USN-3804-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3002\", \"name\": \"RHSA-2018:3002\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3671\", \"name\": \"RHSA-2018:3671\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3852\", \"name\": \"RHSA-2018:3852\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4326\", \"name\": \"DSA-4326\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://usn.ubuntu.com/3824-1/\", \"name\": \"USN-3824-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2943\", \"name\": \"RHSA-2018:2943\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3008\", \"name\": \"RHSA-2018:3008\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3533\", \"name\": \"RHSA-2018:3533\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3409\", \"name\": \"RHSA-2018:3409\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3001\", \"name\": \"RHSA-2018:3001\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3000\", \"name\": \"RHSA-2018:3000\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.securitytracker.com/id/1041889\", \"name\": \"1041889\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3672\", \"name\": \"RHSA-2018:3672\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3521\", \"name\": \"RHSA-2018:3521\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.securityfocus.com/bid/105617\", \"name\": \"105617\", \"refsource\": \"BID\"}, {\"url\": \"https://security.gentoo.org/glsa/201908-10\", \"name\": \"GLSA-201908-10\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03952en_us\", \"name\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03952en_us\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit.\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-3180\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert_us@oracle.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-3180\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-02T19:39:19.954Z\", \"dateReserved\": \"2017-12-15T00:00:00.000Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2018-10-17T01:00:00.000Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2018-AVI-495

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Java SE	Java SE version 7u191
Oracle	Java SE	JRockit version R28.3.19
Oracle	Java SE	Java SE version 6u201
Oracle	Java SE	Java SE version 8u182
Oracle	Java SE	Java SE version 11
Oracle	Java SE	Java SE Embedded version 8u181

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuoct2018verbose du 16 octobre 2018	None	vendor-advisory
Bulletin de sécurité Oracle du 16 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Java SE version 7u191",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "JRockit version R28.3.19",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 6u201",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 8u182",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 11",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE Embedded version 8u181",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3209"
    },
    {
      "name": "CVE-2018-13785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13785"
    },
    {
      "name": "CVE-2018-3139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
    },
    {
      "name": "CVE-2018-3211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3211"
    },
    {
      "name": "CVE-2018-3149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3149"
    },
    {
      "name": "CVE-2018-3150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3150"
    },
    {
      "name": "CVE-2018-3180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
    },
    {
      "name": "CVE-2018-3214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3214"
    },
    {
      "name": "CVE-2018-3136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3136"
    },
    {
      "name": "CVE-2018-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3169"
    },
    {
      "name": "CVE-2018-3157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3157"
    },
    {
      "name": "CVE-2018-3183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3183"
    }
  ],
  "initial_release_date": "2018-10-17T00:00:00",
  "last_revision_date": "2018-10-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-495",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2018verbose du 16 octobre 2018",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html#JAVA"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2018",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    }
  ]
}

CERTFR-2018-AVI-589

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.1.x antérieures à 6.1.1.6 iFix2
IBM	N/A	IBM Security SiteProtector System versions 3.0.0.x antérieures à 3.0.0.20
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.x antérieures à 7.0.4.0 iFix1
IBM	N/A	VRA - Vyatta 5600
IBM	WebSphere	IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.2.6.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.2.x antérieures à 6.2.0.6 iFix2
IBM	QRadar	IBM QRadar Network Security versions 5.5.x antérieures à 5.5.0.1
IBM	N/A	IBM DataPower Gateway versions 7.6.x antérieures à 7.6.0.3
IBM	N/A	IBM Social Program Management Design System versions antérieures à 1.4.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.0.5.x antérieures à 6.0.5.10 iFix4
IBM	N/A	IBM DataPower Gateway versions 7.1.x antérieures à 7.1.0.20
IBM	N/A	IBM DataPower Gateway versions 7.5.2.x antérieures à 7.2.10
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.0.x antérieures à 7.0.1.3
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.1.0
IBM	N/A	IBM DataPower Gateway versions 7.2.x antérieures à 7.2.0.17
IBM	QRadar	IBM QRadar Network Security versions 5.4.x antérieures à 5.4.0.6
IBM	N/A	IBM DataPower Gateway versions 7.5.1.x antérieures à 7.1.10
IBM	N/A	IBM Security SiteProtector System versions 3.1.1.x antérieures à 3.1.1.17
IBM	N/A	IBM DataPower Gateway versions 7.5.0.x antérieures à 7.5.0.11
IBM	WebSphere	WebSphere Application Server versions antérieures à 9.0.0.10
IBM	N/A	IBM Voice Gateway versions antérieures à 1.0.0.7a
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.3.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM ibm10732880 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739019 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744291 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744157 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739035 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744557 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739985 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740799 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10743847 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10736137 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10742369 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739027 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744247 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744553 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740789 du 07 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.0.0.x ant\u00e9rieures \u00e0 3.0.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.x ant\u00e9rieures \u00e0 7.0.4.0 iFix1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VRA - Vyatta 5600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.2.6.0",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.5.x ant\u00e9rieures \u00e0 5.5.0.1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.6.x ant\u00e9rieures \u00e0 7.6.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Social Program Management Design System versions ant\u00e9rieures \u00e0 1.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.0.5.x ant\u00e9rieures \u00e0 6.0.5.10 iFix4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.1.x ant\u00e9rieures \u00e0 7.1.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.0.x ant\u00e9rieures \u00e0 7.0.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.2.x ant\u00e9rieures \u00e0 7.2.0.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.6",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.1.x ant\u00e9rieures \u00e0 7.1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.1.1.x ant\u00e9rieures \u00e0 3.1.1.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions ant\u00e9rieures \u00e0 9.0.0.10",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Voice Gateway versions ant\u00e9rieures \u00e0 1.0.0.7a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16058"
    },
    {
      "name": "CVE-2018-10873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10873"
    },
    {
      "name": "CVE-2018-3721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
    },
    {
      "name": "CVE-2018-16396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2018-10933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10933"
    },
    {
      "name": "CVE-2018-16658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2018-15594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15594"
    },
    {
      "name": "CVE-2018-16151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16151"
    },
    {
      "name": "CVE-2018-8039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039"
    },
    {
      "name": "CVE-2018-1656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
    },
    {
      "name": "CVE-2018-1671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1671"
    },
    {
      "name": "CVE-2018-2973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2973"
    },
    {
      "name": "CVE-2018-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
    },
    {
      "name": "CVE-2018-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1652"
    },
    {
      "name": "CVE-2018-16842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16842"
    },
    {
      "name": "CVE-2018-17182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17182"
    },
    {
      "name": "CVE-2018-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2964"
    },
    {
      "name": "CVE-2018-3139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-14609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-14618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
    },
    {
      "name": "CVE-2018-16395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2018-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16056"
    },
    {
      "name": "CVE-2018-3180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
    },
    {
      "name": "CVE-2018-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1900"
    },
    {
      "name": "CVE-2018-14617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2018-16839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16839"
    },
    {
      "name": "CVE-2018-14633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
    },
    {
      "name": "CVE-2018-14678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14678"
    },
    {
      "name": "CVE-2018-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-9516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
    },
    {
      "name": "CVE-2018-9363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
    },
    {
      "name": "CVE-2018-16152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16152"
    },
    {
      "name": "CVE-2018-10938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
    },
    {
      "name": "CVE-2018-14734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14734"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2018-1957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1957"
    },
    {
      "name": "CVE-2018-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1654"
    },
    {
      "name": "CVE-2018-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    },
    {
      "name": "CVE-2018-8013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8013"
    },
    {
      "name": "CVE-2018-12539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
    },
    {
      "name": "CVE-2018-16276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16276"
    }
  ],
  "initial_release_date": "2018-12-10T00:00:00",
  "last_revision_date": "2018-12-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-589",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-10T00:00:00.000000"
    },
    {
      "description": "Ajout de deux bulletins de s\u00e9curit\u00e9 IBM Lotus Protector",
      "revision_date": "2018-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10732880 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10732880"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739019 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744291 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744291"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744157 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739035 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739035"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744557 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739985 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739985"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740799 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740799"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10743847 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10743847"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10736137 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10736137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10742369 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10742369"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739027 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739027"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744247 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744247"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744553 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744553"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740789 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740789"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-3180 (GCVE-0-2018-3180)

Vulnerability from cvelistv5

CERTFR-2018-AVI-495

Vulnerability from certfr_avis

Solution

CERTFR-2018-AVI-589

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature